refactor: replace old nginx
with nginx.ng
BREAKING CHANGE: all previous `nginx` based configurations must be reviewed; `nginx.ng` usage must be promoted to `nginx` and any uses of the original `nginx` will have to be converted.
This commit is contained in:
parent
90d2601a8b
commit
0fc507055d
@ -17,99 +17,50 @@ Available states
|
||||
:local:
|
||||
|
||||
``nginx``
|
||||
---------
|
||||
|
||||
Runs the states to install nginx, configure the common files, and the users.
|
||||
|
||||
``nginx.common``
|
||||
----------------
|
||||
|
||||
Ensures standard nginx files are in place, and configures enabled sites.
|
||||
|
||||
``nginx.luajit2``
|
||||
-----------------
|
||||
|
||||
Installs luajit.
|
||||
|
||||
``nginx.openresty``
|
||||
-------------------
|
||||
|
||||
Installs openresty.
|
||||
|
||||
``nginx.package``
|
||||
-----------------
|
||||
|
||||
Installs the nginx package via package manager.
|
||||
|
||||
``nginx.source``
|
||||
----------------
|
||||
|
||||
Installs nginx via the source files.
|
||||
|
||||
``nginx.users``
|
||||
---------------
|
||||
|
||||
Installs apache utils, and configures nginx users specified in the pillar.
|
||||
This requires `basicauth <https://github.com/saltstack/salt-contrib/blob/master/modules/basicauth.py>`_
|
||||
from `salt-contrib <https://github.com/saltstack/salt-contrib/>`_ (either add it to your salt or ship
|
||||
this single file in your `_modules` directory see `Dynamic Module Distribution
|
||||
<https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html>`_
|
||||
|
||||
Next-generation, alternate approach
|
||||
===================================
|
||||
|
||||
The following states provide an alternate approach to managing Nginx and Nginx
|
||||
servers, as well as code organization. Please provide feedback by filing issues,
|
||||
discussing in ``#salt`` in Freenode and the mailing list as normal.
|
||||
|
||||
.. contents::
|
||||
:local:
|
||||
|
||||
``nginx.ng``
|
||||
------------
|
||||
|
||||
Meta-state for inclusion of all ng states.
|
||||
Meta-state for inclusion of all states.
|
||||
|
||||
**Note:** nginx.ng requires the merge parameter of salt.modules.pillar.get(),
|
||||
**Note:** nginx requires the merge parameter of salt.modules.pillar.get(),
|
||||
first available in the Helium release.
|
||||
|
||||
``nginx.ng.pkg``
|
||||
``nginx.pkg``
|
||||
--------------------
|
||||
|
||||
Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad.
|
||||
|
||||
``nginx.ng.src``
|
||||
``nginx.src``
|
||||
--------------------
|
||||
|
||||
Builds and installs nginx from source.
|
||||
|
||||
``nginx.ng.certificates``
|
||||
``nginx.certificates``
|
||||
-------------------
|
||||
|
||||
Manages the deployment of nginx certificates.
|
||||
|
||||
``nginx.ng.config``
|
||||
``nginx.config``
|
||||
-------------------
|
||||
|
||||
Manages the nginx main server configuration file.
|
||||
|
||||
``nginx.ng.service``
|
||||
``nginx.service``
|
||||
--------------------
|
||||
|
||||
Manages the startup and running state of the nginx service.
|
||||
|
||||
``nginx.ng.servers_config``
|
||||
``nginx.servers_config``
|
||||
--------------------------
|
||||
|
||||
Manages virtual host files. This state only manages the content of the files
|
||||
and does not bind them to service calls.
|
||||
|
||||
``nginx.ng.servers``
|
||||
``nginx.servers``
|
||||
-------------------
|
||||
|
||||
Manages nginx virtual hosts files and binds them to service calls.
|
||||
|
||||
``nginx.ng.passenger``
|
||||
``nginx.passenger``
|
||||
----------------------
|
||||
|
||||
Installs and configures Phusion Passenger module for nginx. You need to enable
|
||||
|
@ -39,7 +39,7 @@ Using SaltStack is a simple and effective way to implement configuration managem
|
||||
|
||||
To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates.
|
||||
|
||||
There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/ng/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.
|
||||
There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.
|
||||
|
||||
In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values.
|
||||
|
||||
|
@ -72,7 +72,7 @@ provisioner:
|
||||
state_top:
|
||||
base:
|
||||
'*':
|
||||
- nginx.ng
|
||||
- nginx
|
||||
pillars:
|
||||
top.sls:
|
||||
base:
|
||||
|
@ -1,16 +1,16 @@
|
||||
{% from 'nginx/ng/map.jinja' import nginx with context %}
|
||||
{% from 'nginx/map.jinja' import nginx with context %}
|
||||
|
||||
include:
|
||||
- nginx.ng.service
|
||||
- nginx.service
|
||||
|
||||
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
|
||||
{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}
|
||||
|
||||
{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}
|
||||
{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
|
||||
{%- if value is string %}
|
||||
create_nginx_dhparam_{{ dh_param }}_key:
|
||||
file.managed:
|
||||
- name: {{ certificates_path }}/{{ dh_param }}
|
||||
- contents_pillar: nginx:ng:dh_param:{{ dh_param }}
|
||||
- contents_pillar: nginx:dh_param:{{ dh_param }}
|
||||
- makedirs: True
|
||||
- watch_in:
|
||||
- service: nginx_service
|
||||
@ -30,30 +30,30 @@ generate_nginx_dhparam_{{ dh_param }}_key:
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
|
||||
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
|
||||
{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
|
||||
|
||||
nginx_{{ domain }}_ssl_certificate:
|
||||
file.managed:
|
||||
- name: {{ certificates_path }}/{{ domain }}.crt
|
||||
- makedirs: True
|
||||
{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %}
|
||||
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}}
|
||||
{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
|
||||
- contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain))}}
|
||||
{% else %}
|
||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
|
||||
- contents_pillar: nginx:certificates:{{ domain }}:public_cert
|
||||
{% endif %}
|
||||
- watch_in:
|
||||
- service: nginx_service
|
||||
|
||||
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%}
|
||||
{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain))%}
|
||||
nginx_{{ domain }}_ssl_key:
|
||||
file.managed:
|
||||
- name: {{ certificates_path }}/{{ domain }}.key
|
||||
- mode: 600
|
||||
- makedirs: True
|
||||
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %}
|
||||
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}}
|
||||
{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
|
||||
- contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain))}}
|
||||
{% else %}
|
||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
|
||||
- contents_pillar: nginx:certificates:{{ domain }}:private_key
|
||||
{% endif %}
|
||||
- watch_in:
|
||||
- service: nginx_service
|
@ -1,58 +0,0 @@
|
||||
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
{% set home = nginx.get('home', nginx_map.home) -%}
|
||||
{% set conf_dir = nginx.get('conf_dir', nginx_map.conf_dir) -%}
|
||||
{% set conf_template = nginx.get('conf_template', 'salt://nginx/templates/config.jinja') -%}
|
||||
|
||||
{{ home }}:
|
||||
file:
|
||||
- directory
|
||||
- user: {{ nginx_map.default_user }}
|
||||
- group: {{ nginx_map.default_group }}
|
||||
- mode: 0755
|
||||
- makedirs: True
|
||||
- require:
|
||||
{%- if pillar.get('nginx', {}).get('install_from_source', false) %}
|
||||
- user: {{ nginx_map.default_user }}
|
||||
- group: {{ nginx_map.default_group }}
|
||||
{%- else %}
|
||||
- pkg: nginx
|
||||
{% endif %}
|
||||
|
||||
/usr/share/nginx:
|
||||
file:
|
||||
- directory
|
||||
|
||||
{% for filename in ('default', 'example_ssl') %}
|
||||
{{ conf_dir }}/conf.d/{{ filename }}.conf:
|
||||
file.absent
|
||||
{% endfor %}
|
||||
|
||||
{{ conf_dir }}:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- makedirs: True
|
||||
|
||||
{{ conf_dir }}/nginx.conf:
|
||||
file:
|
||||
- managed
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
- source: {{ conf_template }}
|
||||
- require:
|
||||
- file: {{ conf_dir }}
|
||||
- context:
|
||||
default_user: {{ nginx_map.default_user }}
|
||||
default_group: {{ nginx_map.default_group }}
|
||||
|
||||
{% if nginx.get('init_conf_dirs', True) %}
|
||||
{% for dir in ('sites-enabled', 'sites-available') %}
|
||||
{{ conf_dir }}/{{ dir }}:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
{% endfor -%}
|
||||
{% endif %}
|
@ -1,8 +1,8 @@
|
||||
# nginx.ng.config
|
||||
# nginx.config
|
||||
#
|
||||
# Manages the main nginx server configuration file.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
{% if nginx.install_from_source %}
|
||||
nginx_log_dir:
|
||||
@ -15,7 +15,7 @@ nginx_log_dir:
|
||||
{% if 'source_path' in nginx.server.config %}
|
||||
{% set source_path = nginx.server.config.source_path %}
|
||||
{% else %}
|
||||
{% set source_path = 'salt://nginx/ng/files/nginx.conf' %}
|
||||
{% set source_path = 'salt://nginx/files/nginx.conf' %}
|
||||
{% endif %}
|
||||
nginx_config:
|
||||
file.managed:
|
@ -1,18 +1,30 @@
|
||||
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
|
||||
# nginx
|
||||
#
|
||||
# Meta-state to fully install nginx.
|
||||
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
include:
|
||||
- nginx.common
|
||||
{% if salt['pillar.get']('nginx:use_upstart', nginx_map['use_upstart']) %}
|
||||
- nginx.upstart
|
||||
{% elif salt['pillar.get']('nginx:use_sysvinit', nginx_map['use_sysvinit']) %}
|
||||
- nginx.sysvinit
|
||||
{% endif %}
|
||||
{% if pillar.get('nginx', {}).get('user_auth_enabled', true) %}
|
||||
- nginx.users
|
||||
{% endif %}
|
||||
{% if pillar.get('nginx', {}).get('install_from_source', false) %}
|
||||
- nginx.source
|
||||
{% else %}
|
||||
- nginx.package
|
||||
{% endif -%}
|
||||
- nginx.config
|
||||
- nginx.service
|
||||
{% if nginx.snippets is defined %}
|
||||
- nginx.snippets
|
||||
{% endif %}
|
||||
- nginx.servers
|
||||
- nginx.certificates
|
||||
|
||||
extend:
|
||||
nginx_service:
|
||||
service:
|
||||
- listen:
|
||||
- file: nginx_config
|
||||
- require:
|
||||
- file: nginx_config
|
||||
nginx_config:
|
||||
file:
|
||||
- require:
|
||||
{% if nginx.install_from_source %}
|
||||
- cmd: nginx_install
|
||||
{% else %}
|
||||
- pkg: nginx_install
|
||||
{% endif %}
|
||||
|
@ -1,16 +0,0 @@
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
{% set home = nginx.get('home', '/var/www') -%}
|
||||
{% set source = nginx.get('source_root', '/usr/local/src') -%}
|
||||
|
||||
get-luajit2:
|
||||
file.managed:
|
||||
- name: {{ source }}/luajit.tar.gz
|
||||
- source: http://luajit.org/download/LuaJIT-2.0.1.tar.gz
|
||||
- source_hash: sha1=330492aa5366e4e60afeec72f15e44df8a794db5
|
||||
cmd.wait:
|
||||
- cwd: {{ nginx_home }}
|
||||
- name: tar -zxf {{ source }}/luajit.tar.gz -C {{ source }}
|
||||
- watch:
|
||||
- file: get-luajit2
|
||||
- require_in:
|
||||
- cmd: nginx
|
246
nginx/map.jinja
246
nginx/map.jinja
@ -1,65 +1,197 @@
|
||||
{% set nginx = salt['grains.filter_by']({
|
||||
{% macro sls_block(dict) %}
|
||||
{% for key, value in dict.items() %}
|
||||
- {{ key }}: {{ value|json(sort_keys=False) }}
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
{% set nginx = salt['pillar.get']('nginx', {
|
||||
'lookup': salt['grains.filter_by']({
|
||||
'Debian': {
|
||||
'apache_utils': 'apache2-utils',
|
||||
'group_action': 'pkg.installed',
|
||||
'group_pkg': 'build-essential',
|
||||
'libpcre_dev': 'libpcre3-dev',
|
||||
'libssl_dev': 'libssl-dev',
|
||||
'pid_path': '/var/run/nginx.pid',
|
||||
'package': 'nginx-full',
|
||||
'default_user': 'www-data',
|
||||
'default_group': 'www-data',
|
||||
'disable_before_rename': False,
|
||||
'old_init_disable': 'update-rc.d -f nginx remove',
|
||||
'use_upstart': True,
|
||||
'use_sysvinit': False,
|
||||
'home': '/var/www',
|
||||
'conf_dir': '/etc/nginx',
|
||||
'log_dir': '/var/log/nginx',
|
||||
'sbin_dir': '/usr/sbin',
|
||||
'install_prefix': '/usr/local/nginx',
|
||||
'make_flags': '-j2'
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'www-data',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'CentOS': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/conf.d',
|
||||
'server_enabled': '/etc/nginx/conf.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'rh_os_releasever': '$releasever',
|
||||
'gpg_check': False,
|
||||
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'RedHat': {
|
||||
'apache_utils': 'httpd-tools',
|
||||
'group_action': 'pkg.group_installed',
|
||||
'group_pkg': 'Development Tools',
|
||||
'libpcre_dev': 'pcre-devel',
|
||||
'libssl_dev': 'openssl-devel',
|
||||
'pid_path': '/run/nginx.pid',
|
||||
'package': 'nginx',
|
||||
'default_user': 'nginx',
|
||||
'default_group': 'nginx',
|
||||
'disable_before_rename': True,
|
||||
'old_init_disable': 'chkconfig --del nginx',
|
||||
'use_upstart': True,
|
||||
'use_sysvinit': False,
|
||||
'home': '/var/www',
|
||||
'conf_dir': '/etc/nginx',
|
||||
'log_dir': '/var/log/nginx',
|
||||
'sbin_dir': '/usr/sbin',
|
||||
'install_prefix': '/usr/local/nginx',
|
||||
'make_flags': '-j2'
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/conf.d',
|
||||
'server_enabled': '/etc/nginx/conf.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'rh_os_releasever': '$releasever',
|
||||
'gpg_check': False,
|
||||
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
|
||||
'passenger': {
|
||||
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_instance_registry_dir': ' /var/run/passenger-instreg',
|
||||
'passenger_ruby': '/usr/bin/ruby',
|
||||
},
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'Suse': {
|
||||
'apache_utils': 'apache2-utils',
|
||||
'group_action': 'pkg.installed',
|
||||
'group_pkg': 'patterns-devel-base-devel_rpm_build',
|
||||
'libpcre_dev': 'pcre-devel',
|
||||
'libssl_dev': 'openssl-devel',
|
||||
'pid_path': '/run/nginx.pid',
|
||||
'package': 'nginx',
|
||||
'default_user': 'nginx',
|
||||
'default_group': 'nginx',
|
||||
'disable_before_rename': True,
|
||||
'old_init_disable': 'chkconfig --del nginx',
|
||||
'use_upstart': False,
|
||||
'use_sysvinit': False,
|
||||
'home': '/srv/www',
|
||||
'conf_dir': '/etc/nginx',
|
||||
'log_dir': '/var/log/nginx',
|
||||
'sbin_dir': '/usr/sbin',
|
||||
'install_prefix': '/usr/local/nginx',
|
||||
'make_flags': '-j2'
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/vhosts.d',
|
||||
'server_enabled': '/etc/nginx/vhosts.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'gpg_check': True,
|
||||
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
}, grain='os_family', merge=salt['pillar.get']('nginx:lookup'), default='Debian') %}
|
||||
'Arch': {
|
||||
'package': 'nginx',
|
||||
'service': 'nginx',
|
||||
'webuser': 'http',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'Gentoo': {
|
||||
'package': 'www-servers/nginx',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'openssl_package': 'dev-libs/openssl',
|
||||
},
|
||||
'FreeBSD': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'service': 'nginx',
|
||||
'webuser': 'www',
|
||||
'conf_file': '/usr/local/etc/nginx/nginx.conf',
|
||||
'server_available': '/usr/local/etc/nginx/sites-available',
|
||||
'server_enabled': '/usr/local/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/usr/local/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'pid_file': '/var/run/nginx.pid',
|
||||
},
|
||||
}, default='Debian' ),
|
||||
'install_from_source': False,
|
||||
'install_from_ppa': False,
|
||||
'install_from_repo': False,
|
||||
'install_from_phusionpassenger': False,
|
||||
'ppa_version': 'stable',
|
||||
'source_version': '1.10.0',
|
||||
'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
|
||||
'source': {
|
||||
'opts': {},
|
||||
},
|
||||
'package': {
|
||||
'opts': {},
|
||||
},
|
||||
'service': {
|
||||
'enable': True,
|
||||
'opts': {},
|
||||
},
|
||||
'server': {
|
||||
'opts': {},
|
||||
'config': {
|
||||
'worker_processes': 'auto',
|
||||
'events': {
|
||||
'worker_connections': 768,
|
||||
},
|
||||
'http': {
|
||||
'sendfile': 'on',
|
||||
'tcp_nopush': 'on',
|
||||
'tcp_nodelay': 'on',
|
||||
'keepalive_timeout': '65',
|
||||
'types_hash_max_size': '2048',
|
||||
'default_type': 'application/octet-stream',
|
||||
'access_log': '/var/log/nginx/access.log',
|
||||
'error_log': '/var/log/nginx/error.log',
|
||||
'gzip': 'off',
|
||||
'gzip_disable': '"msie6"',
|
||||
'include': [
|
||||
'mime.types',
|
||||
'conf.d/*.conf',
|
||||
'sites-enabled/*',
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
'servers': {
|
||||
'disabled_postfix': '.disabled',
|
||||
'symlink_opts': {},
|
||||
'rename_opts': {},
|
||||
'managed_opts': {
|
||||
'makedirs': True,
|
||||
},
|
||||
'dir_opts': {
|
||||
'makedirs': True,
|
||||
},
|
||||
'managed': {},
|
||||
},
|
||||
'passenger': {
|
||||
'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_ruby': '/usr/bin/ruby',
|
||||
},
|
||||
}, merge=True) %}
|
||||
|
||||
{% if 'user' not in nginx.server.config %}
|
||||
{% do nginx.server.config.update({
|
||||
'user': nginx.lookup.webuser,
|
||||
})%}
|
||||
{% endif %}
|
||||
|
||||
{% if 'pid' not in nginx.server.config and 'pid_file' in nginx.lookup %}
|
||||
{% do nginx.server.config.update({
|
||||
'pid': nginx.lookup.pid_file,
|
||||
})%}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['grains.get']('os_family') == 'RedHat' %}
|
||||
{% do nginx.passenger.update({
|
||||
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_instance_registry_dir': '/var/run/passenger-instreg',
|
||||
})%}
|
||||
{% if salt['grains.get']('osfinger') == 'CentOS-6' %}
|
||||
{% do nginx.server.config.update({
|
||||
'pid': '/var/run/nginx.pid',
|
||||
})%}
|
||||
{% do nginx.passenger.update({
|
||||
'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini',
|
||||
})%}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
@ -1,30 +0,0 @@
|
||||
# nginx.ng
|
||||
#
|
||||
# Meta-state to fully install nginx.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
include:
|
||||
- nginx.ng.config
|
||||
- nginx.ng.service
|
||||
{% if nginx.snippets is defined %}
|
||||
- nginx.ng.snippets
|
||||
{% endif %}
|
||||
- nginx.ng.servers
|
||||
- nginx.ng.certificates
|
||||
|
||||
extend:
|
||||
nginx_service:
|
||||
service:
|
||||
- listen:
|
||||
- file: nginx_config
|
||||
- require:
|
||||
- file: nginx_config
|
||||
nginx_config:
|
||||
file:
|
||||
- require:
|
||||
{% if nginx.install_from_source %}
|
||||
- cmd: nginx_install
|
||||
{% else %}
|
||||
- pkg: nginx_install
|
||||
{% endif %}
|
@ -1,197 +0,0 @@
|
||||
{% macro sls_block(dict) %}
|
||||
{% for key, value in dict.items() %}
|
||||
- {{ key }}: {{ value|json(sort_keys=False) }}
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
{% set nginx = salt['pillar.get']('nginx:ng', {
|
||||
'lookup': salt['grains.filter_by']({
|
||||
'Debian': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'www-data',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'CentOS': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/conf.d',
|
||||
'server_enabled': '/etc/nginx/conf.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'rh_os_releasever': '$releasever',
|
||||
'gpg_check': False,
|
||||
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'RedHat': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/conf.d',
|
||||
'server_enabled': '/etc/nginx/conf.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'rh_os_releasever': '$releasever',
|
||||
'gpg_check': False,
|
||||
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
|
||||
'passenger': {
|
||||
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_instance_registry_dir': ' /var/run/passenger-instreg',
|
||||
'passenger_ruby': '/usr/bin/ruby',
|
||||
},
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'Suse': {
|
||||
'package': 'nginx',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/vhosts.d',
|
||||
'server_enabled': '/etc/nginx/vhosts.d',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': False,
|
||||
'pid_file': '/run/nginx.pid',
|
||||
'gpg_check': True,
|
||||
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key',
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'Arch': {
|
||||
'package': 'nginx',
|
||||
'service': 'nginx',
|
||||
'webuser': 'http',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'openssl_package': 'openssl',
|
||||
},
|
||||
'Gentoo': {
|
||||
'package': 'www-servers/nginx',
|
||||
'service': 'nginx',
|
||||
'webuser': 'nginx',
|
||||
'conf_file': '/etc/nginx/nginx.conf',
|
||||
'server_available': '/etc/nginx/sites-available',
|
||||
'server_enabled': '/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'openssl_package': 'dev-libs/openssl',
|
||||
},
|
||||
'FreeBSD': {
|
||||
'package': 'nginx',
|
||||
'passenger_package': 'passenger',
|
||||
'service': 'nginx',
|
||||
'webuser': 'www',
|
||||
'conf_file': '/usr/local/etc/nginx/nginx.conf',
|
||||
'server_available': '/usr/local/etc/nginx/sites-available',
|
||||
'server_enabled': '/usr/local/etc/nginx/sites-enabled',
|
||||
'snippets_dir': '/usr/local/etc/nginx/snippets',
|
||||
'server_use_symlink': True,
|
||||
'pid_file': '/var/run/nginx.pid',
|
||||
},
|
||||
}, default='Debian' ),
|
||||
'install_from_source': False,
|
||||
'install_from_ppa': False,
|
||||
'install_from_repo': False,
|
||||
'install_from_phusionpassenger': False,
|
||||
'ppa_version': 'stable',
|
||||
'source_version': '1.10.0',
|
||||
'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
|
||||
'source': {
|
||||
'opts': {},
|
||||
},
|
||||
'package': {
|
||||
'opts': {},
|
||||
},
|
||||
'service': {
|
||||
'enable': True,
|
||||
'opts': {},
|
||||
},
|
||||
'server': {
|
||||
'opts': {},
|
||||
'config': {
|
||||
'worker_processes': 'auto',
|
||||
'events': {
|
||||
'worker_connections': 768,
|
||||
},
|
||||
'http': {
|
||||
'sendfile': 'on',
|
||||
'tcp_nopush': 'on',
|
||||
'tcp_nodelay': 'on',
|
||||
'keepalive_timeout': '65',
|
||||
'types_hash_max_size': '2048',
|
||||
'default_type': 'application/octet-stream',
|
||||
'access_log': '/var/log/nginx/access.log',
|
||||
'error_log': '/var/log/nginx/error.log',
|
||||
'gzip': 'off',
|
||||
'gzip_disable': '"msie6"',
|
||||
'include': [
|
||||
'mime.types',
|
||||
'conf.d/*.conf',
|
||||
'sites-enabled/*',
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
'servers': {
|
||||
'disabled_postfix': '.disabled',
|
||||
'symlink_opts': {},
|
||||
'rename_opts': {},
|
||||
'managed_opts': {
|
||||
'makedirs': True,
|
||||
},
|
||||
'dir_opts': {
|
||||
'makedirs': True,
|
||||
},
|
||||
'managed': {},
|
||||
},
|
||||
'passenger': {
|
||||
'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_ruby': '/usr/bin/ruby',
|
||||
},
|
||||
}, merge=True) %}
|
||||
|
||||
{% if 'user' not in nginx.server.config %}
|
||||
{% do nginx.server.config.update({
|
||||
'user': nginx.lookup.webuser,
|
||||
})%}
|
||||
{% endif %}
|
||||
|
||||
{% if 'pid' not in nginx.server.config and 'pid_file' in nginx.lookup %}
|
||||
{% do nginx.server.config.update({
|
||||
'pid': nginx.lookup.pid_file,
|
||||
})%}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['grains.get']('os_family') == 'RedHat' %}
|
||||
{% do nginx.passenger.update({
|
||||
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
|
||||
'passenger_instance_registry_dir': '/var/run/passenger-instreg',
|
||||
})%}
|
||||
{% if salt['grains.get']('osfinger') == 'CentOS-6' %}
|
||||
{% do nginx.server.config.update({
|
||||
'pid': '/var/run/nginx.pid',
|
||||
})%}
|
||||
{% do nginx.passenger.update({
|
||||
'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini',
|
||||
})%}
|
||||
{% endif %}
|
||||
{% endif %}
|
@ -1,31 +0,0 @@
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
{% set home = nginx.get('home', '/var/www') -%}
|
||||
{% set source = nginx.get('source_root', '/usr/local/src') -%}
|
||||
|
||||
{% set openresty = nginx.get('openresty', {}) -%}
|
||||
{% set openresty_version = openresty.get('version', '1.2.7.8') -%}
|
||||
{% set openresty_checksum = openresty.get('checksum', 'sha1=f8bee501529ffec33f9cabc00ea4ca512a8d7b59') -%}
|
||||
{% set openresty_package = source + '/openresty-' + openresty_version + '.tar.gz' -%}
|
||||
|
||||
get-openresty:
|
||||
file.managed:
|
||||
- name: {{ openresty_package }}
|
||||
- source: http://openresty.org/download/ngx_openresty-{{ openresty_version }}.tar.gz
|
||||
- source_hash: {{ openresty_checksum }}
|
||||
cmd.wait:
|
||||
- cwd: {{ source }}
|
||||
- name: tar -zxf {{ openresty_package }} -C {{ home }}
|
||||
- watch:
|
||||
- file: get-openresty
|
||||
|
||||
install_openresty:
|
||||
cmd.wait:
|
||||
- cwd: {{ home }}/ngx_openresty-{{ openresty_version }}
|
||||
- names:
|
||||
- ./configure --with-luajit \
|
||||
--with-http_drizzle_module \
|
||||
--with-http_postgres_module \
|
||||
--with-http_iconv_module
|
||||
- make && make install
|
||||
- watch:
|
||||
- cmd: get-openresty
|
@ -1,128 +0,0 @@
|
||||
{% from "nginx/map.jinja" import nginx with context %}
|
||||
{% set use_upstart = salt['pillar.get']('nginx:use_upstart', nginx['use_upstart']) %}
|
||||
{% if use_upstart %}
|
||||
nginx-old-init:
|
||||
file.rename:
|
||||
- name: /usr/share/nginx/init.d
|
||||
- source: /etc/init.d/nginx
|
||||
- require_in:
|
||||
- file: nginx
|
||||
- require:
|
||||
- pkg: nginx
|
||||
- force: True
|
||||
{% if grains.get('os_family') == 'Debian' %}
|
||||
# Don't dpkg-divert if we are not Debian based!
|
||||
cmd.wait:
|
||||
- name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx
|
||||
- require:
|
||||
- module: nginx-old-init
|
||||
- watch:
|
||||
- file: nginx-old-init
|
||||
- require_in:
|
||||
- file: nginx
|
||||
{% endif %}
|
||||
module.wait:
|
||||
- name: cmd.run
|
||||
- cmd: sh -c "kill `cat /var/run/nginx.pid`"
|
||||
- watch:
|
||||
- file: nginx-old-init
|
||||
- require_in:
|
||||
- file: nginx
|
||||
- onlyif: [ -e /var/run/nginx.pid ]
|
||||
|
||||
# RedHat requires the init file in place to chkconfig off
|
||||
{% if nginx['disable_before_rename'] %}
|
||||
{% set _in = '_in' %}
|
||||
{% else %}
|
||||
{% set _in = '' %}
|
||||
{% endif %}
|
||||
|
||||
nginx-old-init-disable:
|
||||
cmd.run:
|
||||
- name: {{ nginx.old_init_disable }}
|
||||
- require{{ _in }}:
|
||||
- module: nginx-old-init
|
||||
- onlyif: [ -f /etc/init.d/nginx ]
|
||||
{% endif %}
|
||||
|
||||
{% if grains.get('os_family') == 'Debian' %}
|
||||
|
||||
{% set repo_source = pillar.get('nginx', {}).get('repo_source', 'default') %}
|
||||
{% set use_ppa = repo_source == 'ppa' and grains.get('os') == 'Ubuntu' %}
|
||||
{% set use_official = repo_source == 'official' and grains.get('os') in ('Ubuntu', 'Debian') %}
|
||||
|
||||
nginx-ppa-repo:
|
||||
pkgrepo:
|
||||
{%- if use_ppa %}
|
||||
- managed
|
||||
{%- else %}
|
||||
- absent
|
||||
{%- endif %}
|
||||
- humanname: nginx-ppa-{{ grains['oscodename'] }}
|
||||
- name: deb http://ppa.launchpad.net/nginx/{{ pillar.get('nginx', {}).get('repo_version', 'stable') }}/ubuntu {{ grains['oscodename'] }} main
|
||||
- file: /etc/apt/sources.list.d/nginx-{{ pillar.get('nginx', {}).get('repo_version', 'stable') }}-{{ grains['oscodename'] }}.list
|
||||
- dist: {{ grains['oscodename'] }}
|
||||
- keyid: C300EE8C
|
||||
- keyserver: keyserver.ubuntu.com
|
||||
- require_in:
|
||||
- pkg: nginx
|
||||
- watch_in:
|
||||
- pkg: nginx
|
||||
|
||||
nginx-official-repo:
|
||||
pkgrepo:
|
||||
{%- if use_official %}
|
||||
- managed
|
||||
{%- else %}
|
||||
- absent
|
||||
{%- endif %}
|
||||
- humanname: nginx apt repo
|
||||
- name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx
|
||||
- file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list
|
||||
- keyid: ABF5BD827BD9BF62
|
||||
- keyserver: keyserver.ubuntu.com
|
||||
- require_in:
|
||||
- pkg: nginx
|
||||
- watch_in:
|
||||
- pkg: nginx
|
||||
|
||||
{% endif %}
|
||||
|
||||
nginx:
|
||||
pkg.installed:
|
||||
- name: {{ nginx.package }}
|
||||
{% if use_upstart %}
|
||||
file.managed:
|
||||
- name: /etc/init/nginx.conf
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 440
|
||||
- source: salt://nginx/templates/upstart.jinja
|
||||
- require:
|
||||
- pkg: nginx
|
||||
- file: nginx-old-init
|
||||
- module: nginx-old-init
|
||||
{% endif %}
|
||||
service.running:
|
||||
- enable: True
|
||||
- restart: True
|
||||
- watch:
|
||||
{% if use_upstart %}
|
||||
- file: nginx
|
||||
{% endif %}
|
||||
{% set conf_dir = salt['pillar.get']('nginx:conf_dir', '/etc/nginx') %}
|
||||
- file: {{ conf_dir }}/nginx.conf
|
||||
- file: {{ conf_dir }}/conf.d/default.conf
|
||||
- file: {{ conf_dir }}/conf.d/example_ssl.conf
|
||||
- pkg: nginx
|
||||
|
||||
# Create 'service' symlink for tab completion.
|
||||
# This is not supported in os_family RedHat and likely only works in
|
||||
# Debian-based distros
|
||||
{% if use_upstart and grains['os_family'] == 'Debian' %}
|
||||
/etc/init.d/nginx:
|
||||
file.symlink:
|
||||
- target: /lib/init/upstart-job
|
||||
- force: True
|
||||
{% endif %}
|
@ -1,14 +1,14 @@
|
||||
# nginx.ng.passenger
|
||||
# nginx.passenger
|
||||
#
|
||||
# Manages installation of passenger from repo.
|
||||
# Requires install_from_phusionpassenger = True
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
{% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %}
|
||||
include:
|
||||
- nginx.ng.pkg
|
||||
- nginx.ng.service
|
||||
- nginx.pkg
|
||||
- nginx.service
|
||||
|
||||
passenger_install:
|
||||
pkg.installed:
|
||||
@ -27,7 +27,7 @@ passenger_config:
|
||||
file.managed:
|
||||
{{ sls_block(nginx.server.opts) }}
|
||||
- name: {{ nginx.lookup.passenger_config_file }}
|
||||
- source: salt://nginx/ng/files/nginx.conf
|
||||
- source: salt://nginx/files/nginx.conf
|
||||
- template: jinja
|
||||
- context:
|
||||
config: {{ nginx.passenger|json() }}
|
@ -1,8 +1,8 @@
|
||||
# nginx.ng.pkg
|
||||
# nginx.pkg
|
||||
#
|
||||
# Manages installation of nginx from pkg.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
{%- if nginx.install_from_repo %}
|
||||
{% set from_official = true %}
|
||||
{% set from_ppa = false %}
|
@ -1,10 +1,10 @@
|
||||
# nginx.ng.servers
|
||||
# nginx.servers
|
||||
#
|
||||
# Manages virtual hosts and their relationship to the nginx service.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/ng/servers_config.sls' import server_states with context %}
|
||||
{% from 'nginx/ng/service.sls' import service_function with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/servers_config.sls' import server_states with context %}
|
||||
{% from 'nginx/service.sls' import service_function with context %}
|
||||
|
||||
{% macro file_requisites(states) %}
|
||||
{%- for state in states %}
|
||||
@ -13,8 +13,8 @@
|
||||
{% endmacro %}
|
||||
|
||||
include:
|
||||
- nginx.ng.service
|
||||
- nginx.ng.servers_config
|
||||
- nginx.service
|
||||
- nginx.servers_config
|
||||
|
||||
{% if server_states|length() > 0 %}
|
||||
nginx_service_reload:
|
@ -1,8 +1,8 @@
|
||||
# nginx.ng.servers_config
|
||||
# nginx.servers_config
|
||||
#
|
||||
# Manages the configuration of virtual host files.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
{% set server_states = [] %}
|
||||
|
||||
# Simple path concatenation.
|
||||
@ -104,7 +104,7 @@ nginx_server_available_dir:
|
||||
{% if 'source_path' in settings.config %}
|
||||
{% set source_path = settings.config.source_path %}
|
||||
{% else %}
|
||||
{% set source_path = 'salt://nginx/ng/files/server.conf' %}
|
||||
{% set source_path = 'salt://nginx/files/server.conf' %}
|
||||
{% endif %}
|
||||
{{ conf_state_id }}:
|
||||
file.managed:
|
@ -1,22 +1,22 @@
|
||||
# nginx.ng.service
|
||||
# nginx.service
|
||||
#
|
||||
# Manages the nginx service.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
{% set service_function = {True:'running', False:'dead'}.get(nginx.service.enable) %}
|
||||
|
||||
include:
|
||||
{% if nginx.install_from_source %}
|
||||
- nginx.ng.src
|
||||
- nginx.src
|
||||
{% else %}
|
||||
- nginx.ng.pkg
|
||||
- nginx.pkg
|
||||
{% endif %}
|
||||
|
||||
{% if nginx.install_from_source %}
|
||||
nginx_systemd_service_file:
|
||||
file.managed:
|
||||
- name: /lib/systemd/system/nginx.service
|
||||
- source: salt://nginx/ng/files/nginx.service
|
||||
- source: salt://nginx/files/nginx.service
|
||||
{% endif %}
|
||||
|
||||
nginx_service:
|
||||
@ -26,9 +26,9 @@ nginx_service:
|
||||
- enable: {{ nginx.service.enable }}
|
||||
- require:
|
||||
{% if nginx.install_from_source %}
|
||||
- sls: nginx.ng.src
|
||||
- sls: nginx.src
|
||||
{% else %}
|
||||
- sls: nginx.ng.pkg
|
||||
- sls: nginx.pkg
|
||||
{% endif %}
|
||||
- listen:
|
||||
{% if nginx.install_from_source %}
|
@ -1,8 +1,8 @@
|
||||
# nginx.ng.snippet
|
||||
# nginx.snippet
|
||||
#
|
||||
# Manages creation of snippets
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
nginx_snippets_dir:
|
||||
file.directory:
|
||||
@ -13,7 +13,7 @@ nginx_snippets_dir:
|
||||
nginx_snippet_{{ snippet }}:
|
||||
file.managed:
|
||||
- name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf
|
||||
- source: salt://nginx/ng/files/server.conf
|
||||
- source: salt://nginx/files/server.conf
|
||||
- template: jinja
|
||||
- context:
|
||||
config: {{ config|json() }}
|
277
nginx/source.sls
277
nginx/source.sls
@ -1,277 +0,0 @@
|
||||
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
|
||||
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
{% set use_sysvinit = nginx.get('use_sysvinit', nginx_map['use_sysvinit']) %}
|
||||
{% set version = nginx.get('version', '1.6.2') -%}
|
||||
{% set tarball_url = nginx.get('tarball_url', 'http://nginx.org/download/nginx-' + version + '.tar.gz') -%}
|
||||
{% set checksum = nginx.get('checksum', 'sha256=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18') -%}
|
||||
{% set home = nginx.get('home', nginx_map['home']) -%}
|
||||
{% set base_temp_dir = nginx.get('base_temp_dir', '/tmp') -%}
|
||||
{% set source = nginx.get('source_root', '/usr/local/src') -%}
|
||||
|
||||
{% set conf_dir = nginx.get('conf_dir', nginx_map['conf_dir']) -%}
|
||||
{% set conf_only = nginx.get('conf_only', false) -%}
|
||||
{% set log_dir = nginx.get('log_dir', nginx_map['log_dir']) -%}
|
||||
{% set pid_path = nginx.get('pid_path', nginx_map['pid_path']) -%}
|
||||
{% set lock_path = nginx.get('lock_path', '/var/lock/nginx.lock') -%}
|
||||
{% set sbin_dir = nginx.get('sbin_dir', nginx_map['sbin_dir']) -%}
|
||||
|
||||
{% set install_prefix = nginx.get('install_prefix', nginx_map['install_prefix']) -%}
|
||||
{% set with_items = nginx.get('with', ['debug', 'http_dav_module', 'http_stub_status_module', 'pcre', 'ipv6']) -%}
|
||||
{% set without_items = nginx.get('without', []) -%}
|
||||
{% set make_flags = nginx.get('make_flags', nginx_map['make_flags']) -%}
|
||||
|
||||
{% set service_name = nginx.get('service_name', 'nginx') %}
|
||||
{% set service_enable = nginx.get('service_enable', True) %}
|
||||
|
||||
{% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%}
|
||||
{% set nginx_source = source + "/nginx-" + version -%}
|
||||
{% set nginx_modules_dir = source + "/nginx-modules" -%}
|
||||
|
||||
include:
|
||||
- nginx.common
|
||||
{% if nginx.get('with_luajit', false) %}
|
||||
- nginx.luajit2
|
||||
{% endif -%}
|
||||
{% if nginx.get('with_openresty', false) %}
|
||||
- nginx.openresty
|
||||
{% endif -%}
|
||||
|
||||
|
||||
nginx_group:
|
||||
group.present:
|
||||
- name: {{ nginx_map.default_group }}
|
||||
|
||||
nginx_user:
|
||||
file.directory:
|
||||
- name: {{ home }}
|
||||
- user: {{ nginx_map.default_user }}
|
||||
- group: {{ nginx_map.default_group }}
|
||||
- mode: 0755
|
||||
- require:
|
||||
- user: nginx_user
|
||||
- group: nginx_group
|
||||
user.present:
|
||||
- name: {{ nginx_map.default_user }}
|
||||
- home: {{ home }}
|
||||
- groups:
|
||||
- {{ nginx_map.default_group }}
|
||||
- require:
|
||||
- group: nginx_group
|
||||
|
||||
{{ nginx_modules_dir }}:
|
||||
file:
|
||||
- directory
|
||||
- makedirs: True
|
||||
|
||||
get-build-tools:
|
||||
{% if grains['saltversion'] < '2015.8.0' and grains['os_family'] == 'RedHat' %}
|
||||
module.run:
|
||||
- name: pkg.group_install
|
||||
- m_name: {{ nginx_map.group_pkg }}
|
||||
{% else %}
|
||||
{{ nginx_map.group_action }}:
|
||||
- name: {{ nginx_map.group_pkg }}
|
||||
{% endif %}
|
||||
|
||||
get-nginx:
|
||||
pkg.installed:
|
||||
- names:
|
||||
- {{ nginx_map.libpcre_dev }}
|
||||
- {{ nginx_map.libssl_dev }}
|
||||
|
||||
file.managed:
|
||||
- name: {{ nginx_package }}
|
||||
- source: {{ tarball_url }}
|
||||
- source_hash: {{ checksum }}
|
||||
- require:
|
||||
- file: {{ nginx_modules_dir }}
|
||||
cmd.wait:
|
||||
- cwd: {{ source }}
|
||||
- name: tar --transform "s,^$(tar --list -zf nginx-{{ version }}.tar.gz | head -n 1),nginx-{{ version }}/," -zxf {{ nginx_package }}
|
||||
- require:
|
||||
- pkg: get-nginx
|
||||
- file: get-nginx
|
||||
- watch:
|
||||
- file: get-nginx
|
||||
|
||||
{% for name, module in nginx.get('modules', {}).items() -%}
|
||||
get-nginx-{{name}}:
|
||||
file.managed:
|
||||
- name: {{ nginx_modules_dir }}/{{name}}.tar.gz
|
||||
- source: {{ module['source'] }}
|
||||
- source_hash: {{ module['source_hash'] }}
|
||||
cmd.wait:
|
||||
- cwd: {{ nginx_modules_dir }}
|
||||
- names:
|
||||
- tar --transform "s,^$(tar --list -zf {{name}}.tar.gz | head -n 1),{{name}}/," -zxf {{name}}.tar.gz
|
||||
- watch:
|
||||
- file: get-nginx-{{name}}
|
||||
- require_in:
|
||||
- cmd: nginx
|
||||
{% endfor -%}
|
||||
|
||||
{% if nginx.get('ngx_devel_kit', true) -%}
|
||||
get-ngx_devel_kit:
|
||||
file.managed:
|
||||
- name: {{ source }}/ngx_devel_kit.tar.gz
|
||||
- source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz
|
||||
- source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8
|
||||
cmd.wait:
|
||||
- cwd: {{ source }}
|
||||
- name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }}
|
||||
- watch:
|
||||
- file: get-ngx_devel_kit
|
||||
{% endif %}
|
||||
|
||||
is-nginx-source-modified:
|
||||
cmd.run:
|
||||
- cwd: {{ source }}
|
||||
- stateful: True
|
||||
- names:
|
||||
- if [ ! -d "nginx-{{ version }}" ]; then
|
||||
echo "changed=yes comment='Tarball has not yet been extracted'";
|
||||
exit 0;
|
||||
fi;
|
||||
cd "nginx-{{ version }}";
|
||||
m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
|
||||
r=$?;
|
||||
if [ x$r != x0 ]; then
|
||||
echo "changed=yes comment='binary file does not exist or other find error'";
|
||||
exit 0;
|
||||
fi;
|
||||
if [ x$m != "x" ]; then
|
||||
echo "changed=yes comment='source files are newer than binary'";
|
||||
exit 0;
|
||||
fi;
|
||||
echo "changed=no comment='source files are older than binary'"
|
||||
|
||||
{% for name, module in nginx.get('modules', {}).items() -%}
|
||||
is-nginx-module-modified-{{name}}:
|
||||
cmd.run:
|
||||
- cwd: {{ nginx_modules_dir }}/{{name}}
|
||||
- stateful: True
|
||||
- names:
|
||||
- m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
|
||||
r=$?;
|
||||
if [ x$r != x0 ]; then
|
||||
echo "changed=yes comment='binary file does not exist or other find error'";
|
||||
exit 0;
|
||||
fi;
|
||||
if [ x$m != "x" ]; then
|
||||
echo "changed=yes comment='module source files are newer than binary'";
|
||||
exit 0;
|
||||
fi;
|
||||
echo "changed=no comment='module source files are older than binary'"
|
||||
{% endfor -%}
|
||||
|
||||
nginx:
|
||||
cmd.wait:
|
||||
- cwd: {{ nginx_source }}
|
||||
- names:
|
||||
- (
|
||||
{%- if nginx.get('debug_symbols', false) %}
|
||||
CFLAGS="-g -O0" ./configure --conf-path={{ conf_dir }}/nginx.conf
|
||||
{%- else %}
|
||||
./configure --conf-path={{ conf_dir }}/nginx.conf
|
||||
{%- endif %}
|
||||
--sbin-path={{ sbin_dir }}/nginx
|
||||
--user={{ nginx_map.default_user }}
|
||||
--group={{ nginx_map.default_group }}
|
||||
--prefix={{ install_prefix }}
|
||||
--http-log-path={{ log_dir }}/access.log
|
||||
--error-log-path={{ log_dir }}/error.log
|
||||
--pid-path={{ pid_path }}
|
||||
--lock-path={{ lock_path }}
|
||||
--http-client-body-temp-path={{ base_temp_dir }}/body
|
||||
--http-proxy-temp-path={{ base_temp_dir }}/proxy
|
||||
--http-fastcgi-temp-path={{ base_temp_dir }}/fastcgi
|
||||
--http-uwsgi-temp-path={{ base_temp_dir }}/temp_uwsgi
|
||||
--http-scgi-temp-path={{ base_temp_dir }}/temp_scgi
|
||||
{%- for name, module in nginx.get('modules', {}).items() %}
|
||||
--add-module={{nginx_modules_dir}}/{{name}}
|
||||
{%- endfor %}
|
||||
{%- for name in with_items %}
|
||||
--with-{{ name }}
|
||||
{%- endfor %}
|
||||
{%- for name in without_items %}
|
||||
--without-{{ name }}
|
||||
{%- endfor %}
|
||||
&& make {{ make_flags }}
|
||||
&& make install
|
||||
)
|
||||
{#- If they want to silence the compiler output, then save it to file so we can reference it later if needed #}
|
||||
{%- if nginx.get('silence_compiler', true) %}
|
||||
> {{ nginx_source }}/build.out 2> {{ nginx_source }}/build.err;
|
||||
{#- If the build process failed, write stderr to stderr and exit with the error code #}
|
||||
r=$?;
|
||||
if [ x$r != x0 ]; then
|
||||
cat {{ nginx_source }}/build.err 1>&2; {#- copy err output to stderr #}
|
||||
exit $r;
|
||||
fi;
|
||||
{% endif %}
|
||||
- watch:
|
||||
- cmd: get-nginx
|
||||
- cmd: is-nginx-source-modified
|
||||
{% for name, module in nginx.get('modules', {}).items() -%}
|
||||
- cmd: is-nginx-module-modified-{{name}}
|
||||
- file: get-nginx-{{name}}
|
||||
{% endfor %}
|
||||
{% if use_sysvinit %}
|
||||
- watch_in:
|
||||
{% set logger_types = ('access', 'error') %}
|
||||
{% for log_type in logger_types %}
|
||||
- service: nginx-logger-{{ log_type }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
- require:
|
||||
- cmd: get-nginx
|
||||
{% for name, module in nginx.get('modules', {}).items() -%}
|
||||
- file: get-nginx-{{name}}
|
||||
{% endfor %}
|
||||
{% if use_sysvinit %}
|
||||
file:
|
||||
- managed
|
||||
- template: jinja
|
||||
- name: /etc/init.d/{{ service_name }}
|
||||
- source: salt://nginx/templates/nginx.init.jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0755
|
||||
- context:
|
||||
service_name: {{ service_name }}
|
||||
sbin_dir: {{ sbin_dir }}
|
||||
pid_path: {{ pid_path }}
|
||||
{% endif %}
|
||||
service:
|
||||
{% if service_enable %}
|
||||
- running
|
||||
- enable: True
|
||||
- restart: True
|
||||
{% else %}
|
||||
- dead
|
||||
- enable: False
|
||||
{% endif %}
|
||||
- name: {{ service_name }}
|
||||
- watch:
|
||||
- cmd: nginx
|
||||
- file: {{ conf_dir }}/nginx.conf
|
||||
- require:
|
||||
- cmd: nginx
|
||||
- file: {{ conf_dir }}/nginx.conf
|
||||
|
||||
{% for file in nginx.get('delete_confs', []) %}
|
||||
{{ conf_dir }}/{{ file }}:
|
||||
file:
|
||||
- absent
|
||||
- require_in:
|
||||
- service: nginx
|
||||
{% endfor %}
|
||||
|
||||
{% for file in nginx.get('delete_htdocs', []) %}
|
||||
{{ install_prefix }}/html/{{ file }}:
|
||||
file:
|
||||
- absent
|
||||
- require_in:
|
||||
- service: nginx
|
||||
{% endfor %}
|
@ -1,8 +1,8 @@
|
||||
# nginx.ng.src
|
||||
# nginx.src
|
||||
#
|
||||
# Manages installation of nginx from source.
|
||||
|
||||
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
|
||||
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
|
||||
|
||||
nginx_deps:
|
||||
pkg.installed:
|
||||
@ -23,7 +23,7 @@ nginx_download:
|
||||
|
||||
nginx_configure:
|
||||
cmd.run:
|
||||
- name: ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path={{ nginx.lookup.conf_file or '/etc/nginx/nginx.conf' }} {{ nginx.source.opts | join(' ') }}
|
||||
- name: ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path={{ nginx.lookup.conf_file }} {{ nginx.source.opts | join(' ') }}
|
||||
- cwd: /tmp/nginx-{{ nginx.source_version }}
|
||||
- onchanges:
|
||||
- archive: nginx_download
|
@ -1,34 +0,0 @@
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
{% set log_dir = nginx.get('log_dir', '/var/log/nginx') -%}
|
||||
|
||||
{% set logger_types = ('access', 'error') %}
|
||||
|
||||
{% for log_type in logger_types %}
|
||||
{{ log_dir }}/{{ log_type }}.log:
|
||||
file.absent
|
||||
|
||||
nginx-logger-{{ log_type }}:
|
||||
file:
|
||||
- managed
|
||||
- name: /etc/init.d/nginx-logger-{{ log_type }}
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 755
|
||||
- source:
|
||||
- salt://nginx/templates/{{ grains['os_family'] }}-sysvinit-logger.jinja
|
||||
- salt://nginx/templates/sysvinit-logger.jinja
|
||||
- context:
|
||||
type: {{ log_type }}
|
||||
service:
|
||||
- running
|
||||
- enable: True
|
||||
- restart: True
|
||||
- require:
|
||||
- file: nginx-logger-{{ log_type }}
|
||||
- require_in:
|
||||
- service: nginx
|
||||
{% endfor %}
|
||||
|
||||
/etc/logrotate.d/nginx:
|
||||
file.absent
|
@ -1,100 +0,0 @@
|
||||
#!/bin/bash
|
||||
# /etc/init.d/nginx-logger-{{ type }}
|
||||
#
|
||||
# chkconfig: 345 84 16
|
||||
# description: Nginx logger for {{ type }}
|
||||
# processname: nginx-logger-{{ type }}
|
||||
|
||||
NAME=nginx-logger-{{ type }}
|
||||
DESC="syslog forwarder for nginx {{type}} logs"
|
||||
DAEMON=/usr/bin/logger
|
||||
DAEMON_ARGS=" -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}"
|
||||
PIDFILE=/var/run/$NAME.pid
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
|
||||
# Exit if the daemon program isn't installed
|
||||
[ -x "$DAEMON" ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
do_start() {
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
echo -n "Starting $NAME"
|
||||
pid=$(cat $PIDFILE 2>/dev/null)
|
||||
if [ -n "$pid" ]; then
|
||||
failure
|
||||
echo
|
||||
return 1;
|
||||
fi
|
||||
|
||||
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
|
||||
mkdir -p /var/log/nginx
|
||||
mkfifo /var/log/nginx/{{ type }}.fifo
|
||||
chown root.root /var/log/nginx/{{ type }}.fifo
|
||||
chmod 660 /var/log/nginx/{{ type }}.fifo
|
||||
fi
|
||||
|
||||
$DAEMON $DAEMON_ARGS &
|
||||
ERROR=$?
|
||||
PID=$!
|
||||
if [ $ERROR -eq 0 ]; then
|
||||
success
|
||||
echo
|
||||
echo $PID > $PIDFILE
|
||||
else
|
||||
failure
|
||||
echo
|
||||
exit 2
|
||||
fi
|
||||
}
|
||||
|
||||
do_stop() {
|
||||
# Return
|
||||
# 0 if daemon has been stopped
|
||||
# 1 if daemon was already stopped
|
||||
# 2 if daemon could not be stopped
|
||||
# other if a failure occurred
|
||||
echo -n Stopping $NAME
|
||||
pid=$(cat $PIDFILE 2>/dev/null)
|
||||
if [ $? -eq 0 ]; then
|
||||
echo $pid | xargs kill 2&1>/dev/null
|
||||
success
|
||||
RETVAL=0
|
||||
else
|
||||
failure
|
||||
RETVAL=1
|
||||
fi
|
||||
echo
|
||||
|
||||
[ "$RETVAL" = 2 ] && return 2
|
||||
rm -f $PIDFILE
|
||||
return "$RETVAL"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
do_start
|
||||
;;
|
||||
stop)
|
||||
do_stop
|
||||
;;
|
||||
status)
|
||||
status -p "$PIDFILE" "$DAEMON" && exit 0 || exit $?
|
||||
;;
|
||||
restart|force-reload)
|
||||
do_stop
|
||||
do_start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/nginx-logger-{{ type }} {start|stop|status|restart|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
@ -1,79 +0,0 @@
|
||||
{% set nginx = pillar.get('nginx', {}) -%}
|
||||
# defaults passed via context from the map.jinja
|
||||
{% set user = nginx.get('user', default_user) -%}
|
||||
{% set group = nginx.get('group', default_group) -%}
|
||||
user {{ user }} {{ group }};
|
||||
worker_processes {{ nginx.get('worker_processes', 1) }};
|
||||
{% set worker_rlimit_nofile = nginx.get('worker_rlimit_nofile', '') -%}
|
||||
{% if worker_rlimit_nofile -%}
|
||||
worker_rlimit_nofile {{ worker_rlimit_nofile }};
|
||||
{% endif -%}
|
||||
|
||||
{% set error_log_location = nginx.get('error_log',{}).get('location', '/var/log/nginx/error.fifo') -%}
|
||||
{% set error_log_level = nginx.get('error_log',{}).get('level', 'warn') -%}
|
||||
error_log {{ ' '.join([error_log_location, error_log_level]) }};
|
||||
pid {{ nginx.get('pid', '/var/run/nginx.pid') }};
|
||||
{% if not 'systemd' in salt['test.provider']('service') -%}
|
||||
daemon {{ nginx.get('daemon', 'on') }};
|
||||
{%- endif %}
|
||||
|
||||
events {
|
||||
worker_connections {{ nginx.get('events', {}).get('worker_connections', 1024) }};
|
||||
{% set use = nginx.get('events', {}).get('use', '') -%}
|
||||
{% if use -%}
|
||||
use {{ use }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
http {
|
||||
{% if 'set_real_ips' in nginx -%}
|
||||
{% for ip in nginx.get('set_real_ips', {}).get('from_ips', []) -%}
|
||||
set_real_ip_from {{ ip }};
|
||||
{% endfor -%}
|
||||
real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
|
||||
|
||||
{% endif -%}
|
||||
include /etc/nginx/mime.types;
|
||||
default_type {{ nginx.get('default_type', 'application/octet-stream') }};
|
||||
log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.fifo main;
|
||||
sendfile {{ nginx.get('sendfile', 'on') }};
|
||||
#tcp_nopush on;
|
||||
keepalive_timeout {{ nginx.get('keepalive_timeout', 65) }};
|
||||
server_names_hash_bucket_size {{ nginx.get('server_names_hash_bucket_size', 128) }};
|
||||
server_names_hash_max_size {{ nginx.get('server_names_hash_max_size', 1024) }};
|
||||
types_hash_max_size {{ nginx.get('types_hash_max_size', 8192) }};
|
||||
|
||||
gzip {{ nginx.get('gzip', 'on') }};
|
||||
gzip_vary {{ nginx.get('gzip_vary', 'on') }};
|
||||
gzip_proxied {{ nginx.get('gzip_proxied', 'any') }};
|
||||
gzip_comp_level {{ nginx.get('gzip_comp_level', 6) }};
|
||||
gzip_buffers {{ nginx.get('gzip_buffers', '16 8k') }};
|
||||
gzip_http_version {{ nginx.get('gzip_http_version', '1.1') }};
|
||||
gzip_types {{ nginx.get('gzip_types', ['text/plain', 'text/css', 'application/json', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript'])|join(' ') }};
|
||||
gzip_disable "{{ nginx.get('gzip_disable', 'msie6') }}";
|
||||
|
||||
# turn on nginx_status on localhost
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
server_name 127.0.0.1;
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
{% if pillar['nginx'] is defined -%}
|
||||
{% if pillar['nginx']['redirect_numeric_ip']|default(False) -%}
|
||||
server {
|
||||
server_name {% for ip in salt['network.interfaces']()['eth0']['inet'] %}{{ ip['address'] }}:80{% if not loop.last %} {% endif %}{% endfor %};
|
||||
return 302 {{ pillar['nginx']['redirect_numeric_ip'] }};
|
||||
access_log off;
|
||||
}
|
||||
{% endif -%}
|
||||
{% endif %}
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*.conf;
|
||||
}
|
@ -1,101 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: {{ service_name }}
|
||||
# Required-Start: $local_fs $remote_fs $network $syslog
|
||||
# Required-Stop: $local_fs $remote_fs $network $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: starts the {{ service_name }} web server
|
||||
# Description: starts {{ service_name }} using start-stop-daemon
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON={{ sbin_dir }}/nginx
|
||||
NAME={{ service_name }}
|
||||
DESC={{ service_name }}
|
||||
|
||||
# Include nginx defaults if available
|
||||
if [ -f /etc/default/$NAME ]; then
|
||||
. /etc/default/$NAME
|
||||
fi
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
test_nginx_config() {
|
||||
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
|
||||
return 0
|
||||
else
|
||||
$DAEMON -t $DAEMON_OPTS
|
||||
return $?
|
||||
fi
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
test_nginx_config
|
||||
# Check if the ULIMIT is set in /etc/default/nginx
|
||||
if [ -n "$ULIMIT" ]; then
|
||||
# Set the ulimits
|
||||
ulimit $ULIMIT
|
||||
fi
|
||||
start-stop-daemon --start --quiet --pidfile {{ pid_path }} \
|
||||
--exec $DAEMON -- $DAEMON_OPTS || true
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
start-stop-daemon --stop --quiet --pidfile {{ pid_path }} \
|
||||
--exec $DAEMON || true
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
echo -n "Restarting $DESC: "
|
||||
start-stop-daemon --stop --quiet --pidfile \
|
||||
{{ pid_path }} --exec $DAEMON || true
|
||||
sleep 1
|
||||
test_nginx_config
|
||||
# Check if the ULIMIT is set in /etc/default/nginx
|
||||
if [ -n "$ULIMIT" ]; then
|
||||
# Set the ulimits
|
||||
ulimit $ULIMIT
|
||||
fi
|
||||
start-stop-daemon --start --quiet --pidfile \
|
||||
{{ pid_path }} --exec $DAEMON -- $DAEMON_OPTS || true
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
||||
reload)
|
||||
echo -n "Reloading $DESC configuration: "
|
||||
test_nginx_config
|
||||
start-stop-daemon --stop --signal HUP --quiet --pidfile {{ pid_path }} \
|
||||
--exec $DAEMON || true
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
||||
configtest|testconfig)
|
||||
echo -n "Testing $DESC configuration: "
|
||||
if test_nginx_config; then
|
||||
echo "$NAME."
|
||||
else
|
||||
exit $?
|
||||
fi
|
||||
;;
|
||||
|
||||
status)
|
||||
status_of_proc -p {{ pid_path }} "$DAEMON" nginx && exit 0 || exit $?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
@ -1,113 +0,0 @@
|
||||
#!/bin/bash
|
||||
# /etc/init.d/nginx-logger-{{ type }}
|
||||
#
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: nginx-logger-{{ type }}
|
||||
# Required-Start: $local_fs $remote_fs $network $syslog
|
||||
# Required-Stop: $local_fs $remote_fs $network $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: starts the nginx-logger-{{ type }}
|
||||
# Description: starts nginx-logger-{{ type }} using start-stop-daemon
|
||||
### END INIT INFO
|
||||
|
||||
NAME=nginx-logger-{{ type }}
|
||||
DESC="syslog forwarder for nginx {{type}} logs"
|
||||
DAEMON=/usr/bin/logger
|
||||
DAEMON_ARGS=" -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}"
|
||||
PIDFILE=/var/run/$NAME.pid
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
|
||||
# Exit if the daemon program isn't installed
|
||||
[ -x "$DAEMON" ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
do_start() {
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
pid=$(pidofproc -p $PIDFILE $DAEMON)
|
||||
if [ -n "$pid" ]; then
|
||||
return 1;
|
||||
fi
|
||||
|
||||
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
|
||||
mkdir -p /var/log/nginx
|
||||
mkfifo /var/log/nginx/{{ type }}.fifo
|
||||
chown root.root /var/log/nginx/{{ type }}.fifo
|
||||
chmod 660 /var/log/nginx/{{ type }}.fifo
|
||||
fi
|
||||
|
||||
start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
|
||||
}
|
||||
|
||||
do_stop() {
|
||||
# Return
|
||||
# 0 if daemon has been stopped
|
||||
# 1 if daemon was already stopped
|
||||
# 2 if daemon could not be stopped
|
||||
# other if a failure occurred
|
||||
pids=$(pidof -x $DAEMON)
|
||||
if [ $? -eq 0 ]; then
|
||||
echo $pids | xargs kill 2&1>/dev/null
|
||||
RETVAL=0
|
||||
else
|
||||
RETVAL=1
|
||||
fi
|
||||
|
||||
[ "$RETVAL" = 2 ] && return 2
|
||||
rm -f $PIDFILE
|
||||
return "$RETVAL"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
||||
do_start
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
stop)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
status)
|
||||
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
|
||||
;;
|
||||
restart|force-reload)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1)
|
||||
do_start
|
||||
case "$?" in
|
||||
0) log_end_msg 0 ;;
|
||||
1) log_end_msg 1 ;; # Old process still running
|
||||
*) log_end_msg 1 ;; # Failed to start
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
# Failed to stop
|
||||
log_end_msg 1
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/nginx-logger-{{ type }} {start|stop|status|restart|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
@ -1,20 +0,0 @@
|
||||
# {{ pillar.get('message_do_not_modify', '') }}
|
||||
# startup script for Nginx loggers
|
||||
|
||||
start on starting nginx
|
||||
stop on runlevel [!2345]
|
||||
|
||||
respawn
|
||||
|
||||
pre-start script
|
||||
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
|
||||
mkdir -p /var/log/nginx
|
||||
mkfifo /var/log/nginx/{{ type }}.fifo
|
||||
chown root.root /var/log/nginx/{{ type }}.fifo
|
||||
chmod 660 /var/log/nginx/{{ type }}.fifo
|
||||
fi
|
||||
end script
|
||||
|
||||
emits nginx-logger-{{ type }}
|
||||
|
||||
exec logger -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}
|
@ -1,23 +0,0 @@
|
||||
# nginx
|
||||
|
||||
description "nginx http daemon"
|
||||
author "George Shammas <georgyo@gmail.com>"
|
||||
|
||||
start on (runlevel [345] and started network)
|
||||
stop on (runlevel [!345] or stopping network)
|
||||
|
||||
env DAEMON=/usr/sbin/nginx
|
||||
|
||||
expect fork
|
||||
respawn
|
||||
respawn limit 10 5
|
||||
#oom never
|
||||
|
||||
pre-start script
|
||||
$DAEMON -t
|
||||
if [ $? -ne 0 ]
|
||||
then exit $?
|
||||
fi
|
||||
end script
|
||||
|
||||
exec $DAEMON
|
@ -1,28 +0,0 @@
|
||||
{% set logger_types = ('access', 'error') %}
|
||||
|
||||
{% for log_type in logger_types %}
|
||||
/var/log/nginx/{{ log_type }}.log:
|
||||
file.absent
|
||||
|
||||
nginx-logger-{{ log_type }}:
|
||||
file:
|
||||
- managed
|
||||
- name: /etc/init/nginx-logger-{{ log_type }}.conf
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 440
|
||||
- source: salt://nginx/templates/upstart-logger.jinja
|
||||
- context:
|
||||
type: {{ log_type }}
|
||||
service:
|
||||
- running
|
||||
- enable: True
|
||||
- require:
|
||||
- file: nginx-logger-{{ log_type }}
|
||||
- require_in:
|
||||
- service: nginx
|
||||
{% endfor %}
|
||||
|
||||
/etc/logrotate.d/nginx:
|
||||
file.absent
|
@ -1,30 +0,0 @@
|
||||
{% from "nginx/map.jinja" import nginx with context %}
|
||||
{% set htauth = nginx.get('htpasswd', '/etc/nginx/.htpasswd') -%}
|
||||
|
||||
htpasswd:
|
||||
pkg.installed:
|
||||
- name: {{ nginx.apache_utils }}
|
||||
|
||||
touch {{ htauth }}:
|
||||
cmd.run:
|
||||
- creates: {{ htauth }}
|
||||
|
||||
make sure {{ htauth }} exists:
|
||||
file.managed:
|
||||
- name: {{ htauth }}
|
||||
- makedirs: True
|
||||
|
||||
{% for name, user in pillar.get('users', {}).items() %}
|
||||
{% if user['webauth'] is defined -%}
|
||||
|
||||
nginx_user_{{name}}:
|
||||
module.run:
|
||||
- name: basicauth.adduser
|
||||
- user: {{ name }}
|
||||
- passwd: {{ user['webauth'] }}
|
||||
- path: {{ htauth }}
|
||||
- require:
|
||||
- pkg: htpasswd
|
||||
|
||||
{% endif -%}
|
||||
{% endfor %}
|
@ -1,31 +1,8 @@
|
||||
#=====
|
||||
# nginx: see `nginx.ng` state instead.
|
||||
#======
|
||||
nginx:
|
||||
install_from_source: True
|
||||
use_upstart: True
|
||||
use_sysvinit: False
|
||||
user_auth_enabled: True
|
||||
with_luajit: False
|
||||
with_openresty: True
|
||||
repo_version: development # Must be using ppa install by setting `repo_source = ppa`
|
||||
set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
|
||||
from_ips:
|
||||
- 10.10.10.0/24
|
||||
real_ip_header: X-Forwarded-For
|
||||
modules:
|
||||
headers-more:
|
||||
source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
|
||||
source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
|
||||
#pid: /var/run/nginx.pid
|
||||
# Directory location must exist (i.e. it's /run/nginx.pid on EL7)
|
||||
|
||||
# ========
|
||||
# nginx.ng
|
||||
# nginx (previously named nginx:ng)
|
||||
# ========
|
||||
|
||||
nginx:
|
||||
ng:
|
||||
# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
|
||||
# package will be installed. If one of the `install_from` option is set to `True`, the state will
|
||||
# make sure the other two repos are removed.
|
||||
@ -67,7 +44,7 @@ nginx:
|
||||
pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ###
|
||||
|
||||
|
||||
# Source compilation is not currently a part of nginx.ng
|
||||
# Source compilation is not currently a part of nginx
|
||||
from_source: False
|
||||
|
||||
source:
|
||||
|
@ -5,7 +5,6 @@
|
||||
# - create 'mysite' site
|
||||
|
||||
nginx:
|
||||
ng:
|
||||
snippets:
|
||||
letsencrypt:
|
||||
- location ^~ /.well-known/acme-challenge/:
|
||||
|
Loading…
Reference in New Issue
Block a user